headers

Name: headers
Author: hrconsultnj/claude-plugins

$npx mdskill add hrconsultnj/claude-plugins/headers

Analyzes HTTP security headers for exploitable risks, providing context-aware grading and actionable fixes.

Helps identify and mitigate actual security vulnerabilities in web applications.
Integrates with a fetch command for secure content loading and caching.
Decides recommendations based on risk assessment rather than compliance checklists.
Presents results with detailed explanations and exact commands for remediation.

SKILL.md

.github/skills/headersView on GitHub ↗

---
name: headers
description: HTTP security header analysis — context-aware grading with exploitable-risk focus, not checkbox counting.
argument-hint: "<url>"
---

Analyze HTTP security headers for a given URL. Grades based on actual exploitable risk rather than checkbox compliance. Provides WHY explanations and exact fix commands.

## Content Loading

Load each step through the fetch command (handles caching, decryption, and auth):

```bash
"~/.composure/bin/composure-fetch.mjs" skill sentinel headers {step-filename}
```

**Do NOT read cache files directly** — they are encrypted at rest. Always use the fetch command above.

## Steps

| # | File | 
|---|------|
| 1 | `01-fetch-headers.md` |
| 2 | `02-analyze-headers.md` |
| 3 | `03-overall-grade.md` |
| 4 | `04-report.md` |

More from hrconsultnj/claude-plugins

Skill	Description
app-architecture	Complete architecture guide for building features from database to UI. Routes to frontend/, fullstack/, mobile/, backend/, or sdks/ based on detected stack. Covers decomposition, multi-tenant isolation, auth model, query patterns, and component patterns.
audit-deps	Focused dependency CVE audit — reports vulnerabilities with version info and safe upgrade commands.
backlog	Manage the tasks-plans/ workspace — add items to backlog, ideas, or reference. Process queued work. Organize by topic, not flat dumps.
build-graph	Build or update the code review knowledge graph, generate the visualization, and open it. Run this first to initialize, or let hooks keep it updated automatically.
calibrate	Calibrate test bench — detect test framework, read existing test conventions, generate .claude/testbench.json config. Query Context7 for test framework reference docs. Run once per project.
ci-generate	Generate CI/CD workflow from detected stack. GitHub Actions, GitLab CI, or Bitbucket Pipelines. Includes lint, typecheck, test, build, and deploy stages.
ci-validate	Validate CI/CD workflow files. Runs actionlint for GitHub Actions, checks for common mistakes, and reports issues with fix suggestions.
code-organizer	Restructure a messy project into conventional file layout based on detected framework. Analyzes, plans, executes with import updates, and verifies.
deps-check	Check dependency health -- known CVEs, outdated packages, unsafe versions. Recommends the highest safe version, not just "latest". Blocks Critical CVEs via Composure commit gate.
design-forge	This skill should be used when the user asks to "add premium animations", "create a canvas visualization", "build a glassmorphism panel", "add a custom cursor", "create a generative background", "build an interactive card", "add scroll progress", "add sound design", "create a Three.js hero", "build a creative portfolio", "add particle effects", "add scanlines", "add a typewriter effect", "design a landing page", "implement advanced animations", "add 3D elements", "design using Next.js Conf patterns", "create interactive experience", "add Framer Motion animations", "add GSAP scroll animations", "integrate Spline 3D", or needs guidance on premium web design patterns, creative coding, generative art, micro-interactions, accessibility for animations, or bespoke interactive experiences beyond standard UI components.